I'm looking for advice on how to bootstrap a brand new AWS account for my Infrastructure as Code (IaC) project. I've previously worked with existing setups but this is my first time creating one from scratch. I want to use Terraform for everything, executed through GitHub Workflows, which means I need an S3 bucket for storing Terraform state and IAM policies or users for running Terraform. It feels like I'm stuck in a loop because I need some basic AWS configurations to run my IaC, but I want to manage that initial setup using IaC as well. What are the essential setups needed for this, and what's the best method to kick off this process? Keep in mind, this is for a personal side project, so cost efficiency is also important for me.
7 Answers
I recommend keeping a 'scripts/' directory in your project repository with bash or SSH scripts for the initial bootstrapping. It typically contains your CDK bootstrapping code, and you can run those scripts as many times as needed. This will give you a good overview of the account settings and how they were set up.
I documented my steps in [this repo](https://github.com/joshbarbee-com/aws-infra) which covers the same process you are going through. I faced the same bootstrapping challenges with S3, IAM, and OIDC—unfortunately, some manual steps are unavoidable.
I highly suggest using CDK instead of Terraform for a personal AWS project. It tends to be more straightforward and user-friendly.
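The OIDC bootstrapping mentioned above, written out as Terraform so that GitHub Actions can run Terraform without long-lived IAM user keys. This is an added example, not code from any of the answers or from the linked repository; the repository name, region, bucket name and lock-table name are placeholders to replace with your own, and it assumes the hashicorp/aws and hashicorp/tls providers.

```hcl
terraform {
  required_providers {
    aws = { source = "hashicorp/aws", version = ">= 5.0" }
    tls = { source = "hashicorp/tls", version = ">= 4.0" }
  }
}

provider "aws" {
  region = "us-east-1" # assumption: choose your own region
}

# Placeholders: replace with your own GitHub repository and state bucket name.
variable "github_repo" {
  type    = string
  default = "example-org/example-repo"
}

variable "state_bucket_name" {
  type    = string
  default = "example-tfstate-changeme"
}

data "aws_caller_identity" "current" {}

# GitHub's OIDC issuer; the CA thumbprint is read from the live certificate chain.
data "tls_certificate" "github" {
  url = "https://token.actions.githubusercontent.com/.well-known/openid-configuration"
}

resource "aws_iam_openid_connect_provider" "github" {
  url             = "https://token.actions.githubusercontent.com"
  client_id_list  = ["sts.amazonaws.com"]
  thumbprint_list = [data.tls_certificate.github.certificates[0].sha1_fingerprint]
}

# Trust policy: only workflows running on this repo's main branch may assume the role.
data "aws_iam_policy_document" "github_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = [aws_iam_openid_connect_provider.github.arn]
    }
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:aud"
      values   = ["sts.amazonaws.com"]
    }
    condition {
      test     = "StringEquals"
      variable = "token.actions.githubusercontent.com:sub"
      values   = ["repo:${var.github_repo}:ref:refs/heads/main"]
    }
  }
}

resource "aws_iam_role" "terraform_ci" {
  name                 = "github-terraform-ci"
  assume_role_policy   = data.aws_iam_policy_document.github_trust.json
  max_session_duration = 3600
}

# Least-privilege access to the state bucket and lock table only; permissions for
# the resources Terraform actually manages are attached separately, per project.
data "aws_iam_policy_document" "state_access" {
  statement {
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::${var.state_bucket_name}"]
  }
  statement {
    # DeleteObject is only needed if you delete Terraform workspaces.
    actions   = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]
    resources = ["arn:aws:s3:::${var.state_bucket_name}/*"]
  }
  statement {
    actions   = ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:DeleteItem"]
    resources = ["arn:aws:dynamodb:*:${data.aws_caller_identity.current.account_id}:table/terraform-state-lock"]
  }
}

resource "aws_iam_role_policy" "state_access" {
  name   = "terraform-state-access"
  role   = aws_iam_role.terraform_ci.id
  policy = data.aws_iam_policy_document.state_access.json
}

output "ci_role_arn" {
  value = aws_iam_role.terraform_ci.arn
}
```

This is the one piece that has to be applied once with your own credentials; afterwards the workflow sets `permissions: id-token: write` and assumes `ci_role_arn` through `aws-actions/configure-aws-credentials`, so no access keys ever live in GitHub secrets. The `sub` condition is the part worth reviewing: widening it with `StringLike` to cover pull requests or other branches also widens who can obtain the role's credentials.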
For an enterprise-grade solution, consider AWS Control Tower, but for a hobby project, this might be too complex and costly. You can simplify its architecture for your needs.
1. Begin by creating the S3 bucket and optionally a DynamoDB table for your infrastructure using a Terraform module like [this one](https://github.com/trussworks/terraform-aws-bootstrap).
2. This setup will serve as the backend for your main Terraform configuration. You’ll commit the initial local tfstate file to a private git repository.
This method has worked well for me on a couple of side projects!
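The two steps above, written out as a minimal bootstrap configuration. This is an added example rather than the linked module or the answerer's code; the bucket name, region and table name are placeholders, and it assumes the hashicorp/aws provider. The first `terraform apply` runs against a local state file; once the bucket exists you uncomment the backend block and run `terraform init -migrate-state`, which is the point at which the local tfstate can be committed or discarded.

```hcl
terraform {
  required_version = ">= 1.5"
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.0"
    }
  }

  # Second step: after the first apply, uncomment and migrate the local state.
  # backend "s3" {
  #   bucket         = "example-tfstate-changeme"
  #   key            = "bootstrap/terraform.tfstate"
  #   region         = "us-east-1"
  #   encrypt        = true
  #   dynamodb_table = "terraform-state-lock"
  # }
}

provider "aws" {
  region = var.region
}

variable "region" {
  type    = string
  default = "us-east-1" # assumption: choose your own region
}

variable "state_bucket_name" {
  type        = string
  description = "Globally unique, lowercase bucket name (placeholder, replace it)"
  default     = "example-tfstate-changeme"
}

resource "aws_s3_bucket" "tfstate" {
  bucket = var.state_bucket_name

  # State holds secrets and resource IDs; a stray `terraform destroy` must not remove it.
  lifecycle {
    prevent_destroy = true
  }
}

# Versioning lets you roll back a corrupted or accidentally overwritten state file.
resource "aws_s3_bucket_versioning" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  versioning_configuration {
    status = "Enabled"
  }
}

resource "aws_s3_bucket_server_side_encryption_configuration" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

resource "aws_s3_bucket_public_access_block" "tfstate" {
  bucket                  = aws_s3_bucket.tfstate.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# Optional lock table; on-demand billing means it costs nothing while idle.
resource "aws_dynamodb_table" "tflock" {
  name         = "terraform-state-lock"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }
}
```

The four bucket settings (prevent_destroy, versioning, encryption, public access block) are the ones that matter for a state bucket specifically: state files contain whatever the providers returned, including secrets, so the bucket should never be reachable anonymously and should always be recoverable.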
You can start with `cdk bootstrap`, which helps set up the necessary resources for you.
For a hobby project, don’t just set up an empty account. Right from the start, create an AWS Organization and use Identity Center. You can then set up member accounts for your projects, including this IaC setup. It’s mostly free and makes managing accounts with IaC a breeze. I have several member accounts and spend around $30-50 a month, mostly on the resources I utilize, not the organization setup itself.